EE515: Security of Emerging Systems


Syllabus

Textbook
  • Required: Papers!
  • Optional
    • Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone (Editor), CRC Press, ISBN 0849385237, (October 16, 1996) Available on-line at http://www.cacr.math.uwaterloo.ca/hac/
    • Security Engineering by Ross Anderson, Available on-line.

Class Homepage: https://security101.kr

Read this document very carefully, as it defines what is required to perform effectively in this class.

Every scientific research starts from finding new problems. Likewise, the most important step in security research is to discover new attacks. New systems, such as self-driving automobiles, drones, 5G/6G cellular networks, Blockchain and machine learning continuously emerge. These new systems often come with completely new vulnerabilities, caused by its inherent design. Adversarial example against machine learning is an excellent example of new attacks on new systems. How can we find those unknown vulnerabilities from emerging systems? What kind of security problems these new systems have? These attacks are originated from various vulnerabilities, such as user interface design, ignorance or security by obscurity, deployment mistakes, and physical exposure. In this class, we learn methods to find these vulnerabilities in emerging systems with various case studies. We will look at various ingenuous attacks and discuss why and how such attacks were possible. This is the first crucial step to design and deploy systems robust against various attacks.

Instructor: Yongdae Kim
      Email: yongdaek@kaist.ac.kr
      Office: Room 201 N26 (CHiPs Building), 291 Daehangno, Yuseong-gu, Daejeon, 34141, Republic of Korea
      Lecture: Mon/Wed 1:00 PM - 2:30 PM, On-site for Professors (N1 #112)
      Office hours: TBD (Also possible by sending me an e-mail)

Course content : Security Fundamentals, Frequent Failures from user interface/data mining/software engineering, Case studies of various attacks on Peer-to-peer system, Social Networks, Cellular Networks, Botnets, Cloud Computing, Internet Control Plane, Medical devices, Automobiles, Crypto implementation, Hardware, etc.

Evaluation: The following rules will be strictly enforced.

Evaluation will consist of one lecture, reading report, and a research project. 


Lecture: 20 %
Reading report: 35 % (2.5 % x 14)
Project: 35 %
Participation: 10 %

Incompletes will in general not be given. These options will be considered only when a provably serious family or personal emergency arises, proof is presented, and the student has already completed all but a small portion of the work.

Scholastic conduct must be acceptable. Specifically,
you must write your own reading reports.